Financial firms need to take an active role in adopting and governing OSS's broader usage, according to Black Duck Software's CEO.

For banks – as for other businesses – economic trends are forcing a re-evaluation of business-as-normal. Financial services businesses do not expect to return to the pre-crash levels of 2008 anytime soon and can no longer think of cost-cutting as a temporary measure. Fee-based services such as stock trading – which are facing stagnant and possibly lower revenues – are heightening pressure on costs, and across the board, banks are facing increasing pressure to improve efficiencies, cut costs and meet ever-more complex regulations.

Tim Yeaton, Black Duck Software

IT represents as much as 20-40 percent of a firm’s operating costs, making it one of the largest departments in a capital bank or financial services firm – and an obvious cost-cutting target. Containing costs is an essential strategy for CIOs and Directors of IT, many of whom are facing the difficult reality of staff reductions and budget freezes while adjusting to the new normal.

As such, banks are evaluating the costs of commercial software versus the opportunity presented by open source software (OSS) to drive down IT costs.

But beyond cost pressures, other trends are leading to increased adoption of open source on Wall Street, such as regulatory pressure, the demand for application development to support mobile platform use, and the need to control the costs of innovation while accelerating time-to-solution.

Client demand for access to accounts from smartphones and tablets has banks worldwide scrambling to respond to requests from customers using mobile devices. Many of these applications are built on open source and leverage open source back-end infrastructure as well. A recent Forrester Research study of 542 developers (sponsored by Black Duck) revealed that 92 percent were using open source software to develop mobile apps.

Meanwhile, regulatory pressure is also driving application development. Since November 2012, 5,501 new federal regulations have been posted to www.regulations.gov; a quick query of the site for new financial regulations returns 2,698 results. In addition to these new regulations, the industry has seen increased monitoring and reporting requirements for Dodd-Frank and Basel III, which are pushing banks towards maintaining standardized environments and away from offering customized, premium services – such as services that support the very lucrative area of derivatives trading.

Prior to regulations such as Dodd-Frank, derivatives trades were not subject to public scrutiny. But new regulations mandate transparency in the derivatives market and standardize trading on external exchanges where prices are listed. With stock and bond trading largely commoditized and automated, and with stable (not increasing) volumes, and derivatives (i.e. structured product) trading under stricter regulation, revenues are declining overall while costs remain stable or are increasing. IT costs to maintain these offerings and services are becoming a larger percentage of revenue and are, therefore, coming under increasing pressure. Here, as in mobile app development, capital banks are looking to open source to provide the edge for strategic development projects by reducing dependence on costly commercial software licenses.

Open source software is both commoditizing commercial software and providing building blocks to speed development of new banking applications. Leading OSS projects such as Linux, Eclipse, Apache, JBoss and SpringSource have been widely adopted in financial services organizations, offering not only superior price/performance advantages but also an alternative to commercial software. In addition, in many cases it can be faster to adopt a building-blocks approach, reusing OSS components, than it is to write application code from scratch.

Where open source is gaining traction

The most popular open source projects in financial services are oriented toward web and mobile applications, including browsers, web servers, development tools and search engines. Open source projects quickly gaining adoption include SpringSource, JBoss, MySQL, ActiveMQ and Camel, which offer open source equivalents to commercial application servers, databases, message brokers and integration brokers. Many banks already use the Linux operating system and Eclipse development tools, in many cases because Red Hat, Oracle and others offer enterprise-level support. Banks which have made the decision to use these open source projects have the jump on institutions still evaluating OSS technologies, not only from a technology standpoint but also organizationally – they are better positioned to manage the expectations and productivity of multigenerational workforces, with many younger, OSS-savvy developers, and they are often active contributors to the OSS projects they are utilizing.

Also on the upswing is awareness of the tremendous innovation of the open source community development model, which improves both code sharing and developer productivity. Much as in the automotive, aerospace and health care industries, banks are moving to explore community development further with the internal adoption of community-based collaborative development models derived from open source projects. New communities like Deutsche Bank’s Lodestone Foundation and the New York Stock Exchange’s OpenMama are prime examples.

OSS is also increasingly used in applications to help banks assess strategic risk, or the potential impact on earnings and capital from adverse business decisions, improper implementation or lack of response to industry dynamics. OSS data analysis frameworks such as Hadoop are playing a major role in these scenarios.

Barriers to broader adoption of OSS

Despite the success of industry innovators who openly rely on OSS and the clear rationale for the use of open source, some capital banks still impose significant roadblocks to its adoption. These include a lack of trust in the enterprise readiness of OSS as well as historical barriers to cooperation and sharing across departments and cultural challenges.

Banks and CIOs are accustomed to superior support from large software vendors, and comfortable with the knowledge that it’s easier to call one big vendor when a problem arises than it is to track down what they imagine will be ten open source project leads – the old “one throat to choke” adage. The solution to the perceived lack of accountability, access and quality is automated compliance and controls to monitor the adoption and use of OSS, coupled with policies to ensure OSS components are managed throughout the development and use lifecycle. These solutions make it easier than ever for capital banks to confidently and easily deploy and use OSS at enterprise scale.

In addition, intellectual property rights concerns persist, particularly in investment banks where 60-70 percent of applications are internally developed and an application’s quality and uniqueness is seen as a competitive advantage. And bank applications are tightly locked down. OSS adoption means these organizations must embrace governance to ensure software will be monitored and managed according to bank policies, with all updates introduced in a controlled manner. The good news is that strong open source compliance programs make it simple to effectively manage OSS code throughout the development lifecycle – in effect, tech comes to its own rescue. OSS governance policies and procedures also allow service level agreements (SLAs) to be maintained as they are for commercial software applications.

Finally, capital banks face cultural and generational challenges to OSS adoption. While OSS has achieved traction among younger developers and enterprise architects because it is collaborative, transparent and egalitarian, banks are by nature hierarchical and siloed. A centralized strategy to monitor and control use makes it simpler for employees to understand policies and procedures governing the use of OSS while encouraging cross-organizational collaboration. Effective management systems also offer firms the ability to create an approved software catalog as well as processes for moving OSS components and code into the catalog, empowering all developers and architects.

Other factors leading to increased use of OSS at capital banks

As IT shifts toward a younger workforce and slimmer budgets, financial services organizations are taking an increasing interest in the OSS development model. Recent college graduates are skilled in OSS development, and it is becoming increasingly common for younger workers and managers to have worked with OSS code, components, and communities at other jobs. Not only are they experienced in using OSS, but they’re also looking for job opportunities that encourage them to do so. This younger workforce is starting to ask, “Why can’t banks use OSS like we did at college or in the company I last worked for?”, which can be a pretty difficult question to answer since the logic for OSS adoption is sound and the cost justification is clear.

Implementing OSS Compliance and Policies

Clearly, banks will benefit from an IT strategy that embraces broader use of open source, coupled with policies which address how and where OSS can be used, and automated infrastructure to manage the sourcing, approval, validation, and reuse of approved OSS. This isn’t difficult since many sample OSS policies, best practices and management suites are available. It’s a last-mile problem: the technology is there, and it’s up to CIOs and IT leaders to best implement and use it.

Established bank IT compliance practices should be adapted to include OSS, a necessity in any situation with shared technology infrastructure and common, reusable application components, not to mention decreasing budgets. Most banks already have policies in place to control or limit the use of OSS – it’s time to take an active role in adopting and governing its broader usage, both for innovation and competitive advantage and for the internal cost-cutting necessity of doing more with less.

Tim Yeaton joined Black Duck Software in February of 2009, and brings over 30 years of software and technology management experience to his role as President, CEO and Director.

An issue is also the misconception that OSS would be of lesser quality. This is because some OSS components are free and "What is free is worthless". In fact it is quite the opposite. To "open" the source, code has to be of top quality. Most closed source vendors would not meet the standards. How do you think the OSS community should address this point?

This sounds like a major paradigm shift for banks which are used to locking down proprietary applications, and calling a big vendor when there is a problem. I can see how pressure to cut costs and regulations such as Dodd-Frank mandate that they bring more transparency into monitoring and reporting on derivatives, will also push firms into standardizing their software and adopting OSS policies and governance procedures. But the cultural shift toward a younger workforce that already has experience with OSS at college and earlier jobs, will no doubt spur change.
